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Abstract 

We prove that every computably enumerable (c.e.) random real is provable in 
Peano Arithmetic (PA) to be c.e. random. A major step in the proof is to show that 
the theorem stating that "a real is c.e. and random iff it is the halting probability of a 
universal prefix-free Turing machine" can be proven in PA. Our proof, which is simpler 
than the standard one, can also be used for the original theorem. 

Our positive result can be contrasted with the case of computable functions, where 
not every computable function is provably computable in PA, or even more interest- 
ingly, with the fact that almost all random finite strings are not provably random in 
PA. 

We also prove two negative results: a) there exists a universal machine whose 
universality cannot be proved in PA, b) there exists a universal machine U such that, 
based on J7, PA cannot prove the randomness of its halting probability. 

The paper also includes a sharper form of the Kraft-Chaitin Theorem, as well as a 
formal proof of this theorem written with the proof assistant Isabelle. 



1 Introduction 



A real in the unit interval is computably enumerable {c.e.) if it is the limit of a computable, 
increasing sequence of rationals. We identify a real with its infinite binary expansion. In 
contrast with the case of a computable real, whose bits are given by a computable function, 
during the process of approximation of a c.e. real one may never know how close one is to 
the limit. A real is (algorithmic) random if its binary expansion is an algorithmic random 
(infinite) sequence [7, 20, 8, 4, 11]. 



A prefix-free machine is a Turing machine, shortly, machine, from strings to strings whose 
domain is a prefix-free set. A machine is universal if it can simulate every machine. Chaitin 
[7] introduced the halting probability of a universal machine U, Chaitin's Omega num- 
ber 

U{x) is defined 

and proved that ^jj is c.e. and random. As shown by Calude, Hertling, Khoussainov, 
Wang [6] and Kucera, Slaman [16], (see also [3]) there are no other c.e. random reals: 

Theorem 1 The set of c.e. random reals coincides with the set of halting probabilities of 
all universal machines. 

C.e. random reals have been intensively studied in recent years, with many results sum- 
marised in [4, 11]. 

Theorem 2 (Chaitin [7]) Assume that ZFC (Zermelo-Fraenkel set theory with choice) 
is arithmetically sound (that is, any theorem of arithmetic proved by ZFC is true). Then, 
for every universal machine U, ZFC can determine the value of only finitely many bits of 
^if, and one can calculate a bound on the number of bits ofQ,u which ZFC can determine. 

The real Q,u depends on U , and so by tuning this choice one gets: 

Theorem 3 (Solovay [19]) We can chose a universal machine U so that ZFC (if arith- 
metically sound) cannot determine any bit of^jj. 

This result was generalised as follows: 

Theorem 4 (Calude [2]) Assume that ZFC is arithmetically sound. Let i > 1 and con- 
sider the c.e. random real a = 0.1*~^0Q!j-|-i • • • Then, we can effectively construct a univer- 
sal machine U (depending upon ZFC and a) such that PA (Peano Arithmetic) proves the 
universality of U, ZFC can determine at most i — 1 initial bits of Qu and a = 0,u. 

The proof of Theorem 4 in [2] starts by fixing a universal machine V such that the univer- 
sality of V is provable in PA and = ck. Solovay [18] observed that "it is by no means 
evident that there is a universal prefix-free machine whose universality is provable in PA 
and whose halting probability is a" . 

Let a £ (0, 1) be c.e. and random. Is there any representation of a for which 
PA can prove that a c.e. and random? 
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We give an affirmative answer to tliis question. A major step in tfie proof is to sfiow tfiat 
Tlieorem 1 can be proved in PA. Our proof, wfiich is simpler than tfie standard one, can 
be used also for the original theorem. 

The paper also includes a sharper form of the Kraft-Chaitin Theorem, as well as a formal 
proof of this theorem written with the proof assistant Isabelle. 

In what follows proofs will be written in Solovay's style [19]. All necessary steps are 
presented in sufficient detail to leave the remaining formalisation routine. The formalisation 
of the Kraft-Chaitin Theorem is presented with full details, and then a sketch of the formal 
proof in Isabelle is discussed. 

The paper is organised as follows. Sections 2 and 3 present all facts on formal provability 
and Algorithmic Information Theory needed for this paper. The Kraft-Chaitin Theorem is 
presented in Section 4. Section 5 presents three ways to prove randomness, using Martin- 
Lof tests, prefix-free complexity, and Solovay representation formula. In Section 6 we revisit 
Chaitin's Theorem on the randomness of the halting probability of a universal machine. In 
Section 7 we prove that a real a € (0, 1) is provably Chaitin-random iff it is provable that 
a = ri[/ for some provably universal machine U (see Theorem 18). In Section 8 we prove 
our main theorem: every c.e. random real is provably random (Theorem 22). In Section 9 
we construct a universal machine U based on which PA cannot prove the randomness of 
its halting probability. Section 10 presents a formal proof of the Kraft-Chaitin Theorem 
written with Isabelle. The final Section 11 includes a few general remarks. 

2 Provability 

By Ca we denote the first-order language of arithmetic whose non-logical symbols consist 
of the constant symbols and 1, the binary relation symbol < and two binary function 
symbols + (addition) and • (multiplication). Peano Arithmetic (see [15], shortly, PA) is 
the first-order theory given by a set of 15 axioms defining discretely ordered rings, together 
with induction axioms for each formula ip{x, yi, . . . , yn) in Ca- 

Vy((/?(0,y) A Va;((^(x,y) ip{x + l,y)) -^yx{ip{x,y)). 

The structure N whose domain is the set of naturals N = {0, 1, 2, . . .}, where the symbols 
in Ca have the obvious interpretation, satisfies the axioms of PA; this is the standard 
model for PA. There are non-standard models of PA that are not isomorphic to N. If M 
is a structure for Ca and ip{x) is an >Cyi-formula with free- variables x = {xi, . . . ,Xn) and 
a = (oi, . . . ,a„) G M, then we write M 1= (p{a) to mean that "y? is true in M when each 
variable is interpreted by Oj" . We blur the distinction between n and the closed term of 
Ca, (• • • (((1 + 1) + 1) + 1) + • • • 1), (n times). 
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A formula 9{x) of Ca is Aq if all its quantifiers are bounded. A formula tp{x) of Ca is Si 
if it is of the form ijj{x) = 3y9{x, y) with 0{x, y) G Aq; ^(x) of Ca is Hi if it is of the form 
= yy0{x,y) with 0{x,y) G Aq. 

By PA \- 6 wc mean "there is a proof in PA for 9" . It is useful to know that PA proves 
the least number principle: PA h yy(3xip{x,y) 3z{ip{z,y) A Vu; < z -'(p{w , y))) , for each 
formula ip{x, y) of Ca- 

An important link between computability and provability is given by the following results. 

Theorem 5 A partial function from N to N «s partial computable iff its graph is equivalent 
to a Si C A- formula. 

Corollary 6 A set A (ZN^ is computably enumerable (c.e.) if there is a Si CA-formula 
(p{x) such that for all x G N^, xeAiffN\= ip{x). 

A total function / : N*^ ^ N is represented in PA if there is an >C^-formula 9{x) such that 
for all n G N*: 

1. PA h 3\ye{n,y), and 

2. if A; = /(n) then PA h 9{n, k). 

(Here 3! means "there exists a unique".) One can show that every total computable 
function is represented by a Si-formula of PA [15]. 

A function / : N — N is provably computable [12, 15] if there exists a Si-formula of PA 
ip{x, y) such that: 

1. {(n, m) I m, n, G N, f{n) = m} = {(n, m) | N t= (p{n, m)}, 

2. PA h yx3\yip{x,y). 

In view of Corollary 6, any provably computable function has a c.e. graph, so it is total 
and computable. These functions can be viewed as computable functions whose totality is 
proved by PA. 

Theorem 7 ([15]) Every primitive recursive function is provably computable, but there 
exist computable functions which are not provably computable in PA. 

If / is computable but not provably computable in PA, then the statement "/ is total" 
is true but unprovable in PA. In contrast with the case of computable functions, c.e. sets 
are provably enumerable [12] (because every non-empty c.e. set can be enumerated by a 
primitive recursive function, [1], p. 138). 
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In what follows all computations will be implemented by primitive recursive functions. 
Hence, we will work with a special type of Si formulae. By abuse of language we say that 
a formula of PA is if it has the form 3xP{x), for some primitive recursive predicate 
P{x). A formula of PA is if the form \/x3yP{x,y), for some primitive recursive 

predicate P{x, y). 

Our metatheory is ZFC. We fix a (relative) interpretation of PA in ZFC. Each formula of 
Ca has a translation into a formula of ZFC determined by the interpretation of PA in ZFC. 
By abuse of language we shall use the phrase "sentence of arithmetic" to mean a formula 
with no free variables of ZFC that is the translation of some formula of PA. We assume 
that ZFC is 1-consistent, that is, if it proves a S° sentence then that sentence is true (in 
the standard model of PA) . 

Theorem 8 (Solovay [19]) Every J]^ sentence proved by ZFC is true. 

As a consequence, it follows that ifU is a machine which PA can prove universal and ZFC 
can prove the sentence "the i-th digit of Q,u is k ", then the sentence is true. Whenever 
we talk about the provability of a sentence of arithmetic we mean that PA proves its 
corresponding translation formula. 

If there is a proof in PA for statement A we say that A provable in PA. We say that A is 
provably P (where P is a property) if the statement "yl has P" is provable in PA. 

3 Algorithmic Information Theory: Some Definitions and 
Results 

All reals are in the unit interval. A c.e. real a is represented by an increasing computable 
sequence of rationals converging to a. We blur the distinction between the real a and the 
infinite base-two expansion of a, i.e. the infinite sequence aia2 («« G {0, 1}) such 

that a = 0.aia2 ■ ■ ■ otn - ■ ■ By a{n) we denote the string of length ra, aia2 ■ ■ ■ ctn- 

The set of (bit) strings is denoted by S*; e denotes the empty string. If s is a string then 
|s| denotes the length of s. We import the theory of computability from natural numbers 
to strings by fixing the canonical bijection between S* and N induced by the linear order 
s < t if |s| < \t\ or \s\ = \t\ and s lexicographically precedes t. 

A machine U is universal if for every machine V there is a constant c (depending upon U 
and V) such that for all strings s, t, if V{s) = t, then U{s') = t for some string s' of length 
l^'l < |s| + c. The domain of U is the set {a; € S* | U{x) is defined}. The Omega number 
Qjj = ^xedomU 2~'^' is halting probability of U. The prefix-free complexity of the string 
x E'E* (relatively to the machine C) is Hc{x) = min{|y| | y G S*, C{y) = x} (min0 = oo). 
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KU is a universal machine, then for every machine we can effectively construct a constant 
c (depending on U and C) such that Hu{x) < Hc{x) + c, for all x. 

A real a is Chaitin-random if there exists a universal machine U and constant c such that 
for all n > 1, Hu{a{n)) > n — c. 

A c.e. open set is a c.c. union of intervals with rationals endpoints [a, b) and /U is Lebesgue 
measure. If S" is a prcfix-frcc set, then n{S) denotes the Lebesgue measure of the cylinder 
denoted by S, i.e. all reals whose infinite binary expansions have a prefix in S. To the 
string X we associate the interval [0.x, 0.x + 2~l^l) of measure 2~l^l. A Martin-L6f test 
(shortly, ML test) ^ is a uniformly c.e. sequence of c.e. open sets A = (An) such that for 
all n > 1, fi{An) < 2^". A real a is Martin-Lof-random (shortly, ML-random) if for every 
ML test A there exists an i such that a ^ Ai. A classical theorem states that a real is 
Chaitin-random iff it is ML-random [8, 4]. 

Note that Chaitin and Martin-Lof definitions apply to any real. In the special case of c.e. 
reals the following Solovay representation formula stated in [18] is used: A real a is c.e. 
and random if there exists a universal machine U, an integer c > a and a c.e. real 7 > 
such that a = 2~'^ ■ + 7 (see Lemma 20). 

4 Kraft- Chaitin Theorem Revisited 

We start by showing that PA can prove the Kraft-Chaitin Theorem [8, 4]. 

Theorem 9 Suppose {ni,yi)i G N x S* is a primitive recursive enumeration of "requests" 
which provably satisfies 2""* < 1. Then there exists a provably prefix-free machine M 
and a primitive recursive enumeration {xi)i o/dom(M) such that the following is provable 
in PA; 

1. /i(dom(M)) = ^.2-"% 

2. \xi\ = Hi for all i G N, 

3. M{xi) = Vi for all i G N. 

Proof. Algorithm 1 below enumerates the graph of M. Intuitively, Si keeps track of the 
tree of prefixes we haven't allocated yet. To start with we have allocated nothing, so 
Sq = {e}. At each step we want a string (node) of a given length (depth) n^. The program 
selects the deepest leaf it can, then creates the smallest number of new leaves to create 
the node we need. 

Examining Algorithm 1, it is clear that the sequence Xi = SjO"'"'**' is a primitive recursive 
enumeration of dom(M), and whenever Xi is defined we have M{xi) = yi and \xi\ = Ui. It 
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Algorithm 1 

1: So = {e}, To = 0, ro = 0, z ^ 0. 

2: loop 

3: Let Si be the longest element of S of length at most Wj. If no such string exists, 

terminate. 

4: if |sj| = Hi then 

5: Si+i = {Si\{si}). 

6: else 

7: = {Si \ {si}) U {sil, SiOl, SiOH, SiO^-\'^\-H}. 

8: end if 

9: Define M(sjO"'-l^'l) = yi. 

10: Ti+i =TiU{siO"^-l^'l}. 

11: n+i =ri + 2-"-i. 

12: + 

13: end loop 

remains to show that Xj is defined for all i G N (i.e. the program never terminates), that 
dom(M) is prefix-free, and ;u(dom(M)) = X^i^""'- 

It suffices to establish, for all i, the following invariants: 

1. Si UTi is prefix-free (which implies that Si and Tj individually are prefix- free) , 

2. ii{SiUTi) = l, 

3. fj,{Ti) = ri, 

5. If 2~" < fi{Si), then Si contains a string of length at most n (equivalently. Si contains 
strings of distinct length). 

The base case is trivial. For the inductive step, first observe that line 3 of Algorithm 1 
doesn't terminate since 2~"' < iJ,{Si) by invariant 5. We see that 

Si+i U Ti+i = {{Si U Ti) \ {s^}) U {sil, SiOl, SiOH, . . . , SiO"'-l^^l-4, SiO"^-l^*l} 

which is prefix- free establishing invariant 1. Prom this we can see invariant 2 holds: /x(S'i+iU 
Tj+i) = n{Si U Ti) = 1. Next observe invariant 3 holds too: //(Tj+i) = //(T^) -|- 2""' = n+i, 
which implies that fj,{Si+i) = n{Si) — 2~"k Prom this follows invariant 4: ^j>i_^_l 2~"^ < 
/u(5j-|_i). Finally, since Sj is the longest string of length at most rii in Si, and we add strings 
of distinct length between -|- 1 and to Si to form Si+i, we see that Si+i consists of 
strings of distinct lengths. This establishes invariant 5. □ 
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5 Randomness and Provability 



In this section we discuss three forms of provabihty for randomness. 

There are two ways to represent a c.e. real number a G (0, 1) in PA: 1) by giving an 
increasing 1-1 primitive recursive function that enumerates a c.e. prefix-free set of strings 
{si} such that a = X^i^"'**', 2) by giving an increasing primitive recursive sequence (ai)j 
of rationals in the unit interval whose limit is a. It is clear that given the representation 
1) one can effectively get the representation 2). The converse is also true. 

Lemma 10 Let a be a c.e. real defined by the increasing primitive recursive sequence [aiji 
of rationals. Then there is a primitive recursive sequence {ni)i of natural numbers such 
that PA proves 2~"'» = a. 

Proof. Without loss of generality assume ai > 0. Define the primitive recursive sequences 
{fi)i £ Q and (raj)i G N by ro = and for i > 1 by 

rii = \- log2(ai - Ti-i)] ,ri = ri-i + 2~"'. 

Since {ri)i is strictly increasing we can establish by induction the inequality r^-i < for 
all i, making the logarithm well-defined. By construction we have ^ - 2~^* = limj^co fi- 
Define (3 = linij^oo^^i- Since — log2(ai — rj-i) < Ui < — log2(aj — rj_i) -|- 1 we have 
(oj + rj_i)/2 < ri < ai. Taking the limit we see that {a + 13)/2 < j3 < a establishing our 
result. □ 

Corollary 11 Let a be a c.e. real defined by the increasing primitive recursive sequence 
{o-i)i of rationals. Then there is a machine M such that PA proves that a = /x(dom(M)). 

Proof. Use Lemma 10 and Theorem 9. □ 

In what follows a c.e. real is given by one of the above representations. 

A c.e. real a is provably Chaitin-random if there exists a provably universal machine U 
and constant c such that PA proves that for all n > 1, LLu{a{n)) > n — c. A c.e. real a 
is provably ML-random if for every set A which PA proves to be a ML test and PA proves 
that there exists an i such that a ^ A^. 

The classical theorem that states that a real is Chaitin-random iff it is ML-random is 
provable in PA. However, for the goal of this paper only one implication is needed: 

Theorem 12 Every c.e. provably Chaitin-random real is provably ML-random. 
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Proof. Take a c.e. real a, a machine U which is provably universal and a natural c > 
such that PA proves that for all n> 1, Hu{a{n)) > n — c. 

We wish to prove that for every A = (An) which PA proves to be a ML test there exists 
an i such that PA proves that a ^ Ai. Following the proof of Proposition 6.3.4 in [4] it 
follows that PA proves the existence of a c.e. set 5 C S* x N such that each Si = {x & 
S* I {x, i) G S} is prefix-free, and by taking Ai = {(3 \ j3{m) G Si, for some m > 1} we get 

Let gi: N — > S* X S* be a 1-1 primitive recursive enumeration of the graph of U. Denote 
by TTj: S* X S* — >■ S* for ^ = 1,2 the projection functions and f{i) = 'K\{g{i)) is a 1-1 
primitive recursive enumeration of dom(?7). Note that Hij{x) can be expressed in PA: 
Hu{x) = va:m.i{\v\ ■.U{v)=x} = minj{|7ri(5(z))| | TT2{9{i)) = x}. 

We have: 

^ ^ = ^2X5,2) < ^2"2-' < 1. 

n>2seS„2 n>1 n>2 

We can now use Theorem 9: There exists a provably prefix- free machine M such that: 
/x(dom(M)) = En>2Ese5„2 2~^'''~"J, dom(M) = K,, \ n > 2,s e 5„2,|r„,,| = \s\ - 
n},M(rn,s) = "S- Since U is provably universal there is a constant d > 1 such that for all 
strings x,Hi/{x) < Hm{x) + d, so in particular, PA proves that for all n > 2, if s G 5^2, 
then Hu{s) < Hm{s) + d < |s| — n + d < \s\ — n + d + 1. 

We are now in a position to find a natural n > 2 such that PA proves that a ^ ^4^2 
showing that a is provably ML-random. Note that for n > 2, PA proves a ^ A^2 iff for all 
m > 1, PA proves that a{m) ^ S'„2. For all m > 1, PA proves that a{m) G )S„2 implies 

Hu{a{rri)) < m — n + d+l. Hence, for 2 < n < c+d+l, PA proves that Hu{a{m)) > m — c 
implies a(m) ^ S'„2, so because a is provably Chaitin-random PA proves that a ^ Aj^2. □ 

Comment The above proof shows that that = {/9 | Hu{(5{n)) < n — m, for some n > 
1}, where U is & provably universal machine, is a provably ML test such that for all n > 2 
and provably ML test A there exists d> such that PA proves the inclusion A^2 C T^_^_i, 
i.e. (T^)^ is a provably universal ML test. 

To be able to complete our program we need to choose a specific representation for a c.e. 

and random real which can be "understood" by PA and, even more importantly, PA can 
extract from it a proof of the randomness of the real (c.e. is obvious). First we work with 
Solovay representation formula discussed at the end of Section 3. 

A real a is c. e. and provably random if there exists a representation of a in the form 

a = 2-''-nv + j, (1) 
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where y is a provably universal machine, c > is an integer and 7 > is a provably 
c.c. real. Theorem 20 shows that all c.e. random reals have a representation of this form. 
In detail, PA receives an algorithm for a machine V, a proof that V is prcfix-frcc and 
universal, an integer c > and a computable increasing sequence of rational converging 
to a real 7 > 0. The goal is to prove that PA can use this information to prove that 
a = 2""^ • + 7 is c.e. and random. 

6 Chaitin's Theorem Revisited 

Chaitin [7] proved that the halting probability of a universal machine is Chaitin-random. 
This theorem is provable in PA: 

Theorem 13 Suppose U is provably universal. Then ^jj = J2pedora{u) provably 
Chaitin-random. 

Proof. Let g': N — E* x E* be a 1-1 primitive recursive enumeration of the graph of U. 
Denote by vrj : E* x E* — > E for i = 1,2 the projection functions and f{i) = Tri{g{i)) is 
a 1-1 primitive recursive enumeration of dom(i7). Recall that Hu(x) can be expressed in 
PA. Define the machine M by M(Ol^l Ix) = x. Since U is provably universal, there is a c 
such that for all x, Hu{x) < Hm{x) -\-c = 2\x\ -\-c-\-1. This shows that Hu{x) is provably 
total and U is provably onto. 

Define the primitive recursive sequence of rationals oj^ = 2^l'^i'^^(*))l and notice that 
{uJk)k is provably strictly increasing; VLij is, by definition, the limit of this sequence. 

Define C{x) = v if there exist t,j such that 
1- 71"! (^(i)) = X (i.e. X e dom(C/)), 

2. t is the least such that O.Tr2{g{j)) < uJt (i-e- O.U{x) < ut), 

3. V is the lexicographically least string such that v / 7r2(5'(s)) for all 1 < s < t. 

This defines a provably prefix-free machine. Observe that if C{x) is defined and U{x) = 
U{x') then C{x) = C{x'). From this we can establish that whenever C{x) is defined we 
have Hc{C{x)) < Hu{U{x)). As U is provably universal, there exists an a such that for 
all y, Hu{y) < Hc{y) -I- a is provable in PA. 

Denote by the ith digit of flu. Since U is provable onto, for each n there exists a 
string Xn such that U{xn) = Since O.r^i • • • < we know that C(x„) is 

defined. Let t be the least natural (found when evaluating C{xn)) such that O.C/(a;„) < 
ujt <^u < ^■U{xn) + 2~". The inequality X)j>t_|_i 2~'^i(f*^*)) < 2""- is easy consequence, so 
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for all z > t + 1 we have |7r2(5(i))| > n. Since C(xn) equals g{i) for some i > t + 1 hy 
construction, we have that for all n 

n < Hu{C{xn)) < Hu{U{xn)) +a = Hu{^i ■■■^n)+a 
is provable in PA. That is, is provably Chaitin-random. □ 

Prom Theorem 13 we deduce that PA can prove the implication: "if U \s & provably 
universal machine, then VLu is Chaitin-random." We know that every c.e. and random 

real is the halting probability of a universal machine, but we need more: Can any c.e. 
and random real he represented as the halting probability of a provably universal machine ? 
First we have to check whether every universal machine is provably universal. 

Theorem 14 There exist a provably universal machine and a universal machine that is 
not provably universal. 

Proof. The set of all provably prefix- free machines is c.e., so if {Mi)i is a computably 
enumeration of provably prefix-free machines, then the machine U defined by ?7(0*lx) = 
Mi(x) is a provably universal machine. 

Let {fi)i be a c.e. enumeration of all primitive recursive functions : N — > S* and (Tj) a 
c.e. enumeration of all machines. Fix a universal machine U and consider the computable 
function : N — > N such that: 

T ■(x) = [ ifforsomej>0,#{/i(l),/,(2),...,/i(i)}>|x|, 
' \ CO, otherwise. 

For every i, rg(j') is a universal machine iff /i(N) is infinite (if /i(N) is finite, then so is 
Tg^j) ) . Since the set of all indices of primitive recursive functions with infinite range is not 
c.e. it follows that there is an i such that PA cannot prove that Tg(^f^ is universal. □ 

Theorem 14 does not imply a negative answer for the previous question; in fact. Corollary 25 
shows that the answer is affirmative. Theorem 14 produces examples of true and unprovable 
(in PA) statements of the form "F is universal" . 

7 Provably C.E. Random Reals 

In this section we sharpen Theorem 1 by proving that a real is provably c.e. and Chaitin- 
random iff it is provable that the real is the halting probability of a provably universal 
machine. 
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According to Solovay [20] a c.e. real a Solovay dominates a c.e. real P (we write P <s a) if 
there are two computable, increasing sequences (aj)j and {bi)i of rationals and a constant 
c with lim„_»oo = lini„_+oo bn = /?, and c{a — a„) > P — bn, for all n. 

For c.e. reals a, /3, PA proves /3 <s a if there are two primitive recursive, increasing 
sequences (cj), and {hi)i of rationals and a constant c such that PA proves lim„_>oo On = ct) 
limn^oo = and c(a — On) > P — bn, for all n. 

Theorem 15 /fa «s c.e. and provably ML-random, and P is c.e., then P <s a is provable 
in PA. 

Proof. Let {ai)i and be primitive recursive sequences of rationals with limits a and 
P respectively. Let ao = bo = 0. 

For each n, for i > 1 if ^ Uj=i ^nb] then define Tn[i] = [a^, + 2~"(6j — ^^n)), where 
= maxj<j{_7 : Tji\j] 7^ 0} is the most recent non-empty stage, or = if this is the first 
non-empty stage. Otherwise define Tn[i] = 0. 

Let denote the jth non-empty stage, wherever that is well-defined, and let Sq = 0. 
Observe that 

Tn = [jTn[i] = [J Ky, a^y + 2-'^{bs^ - bs^_J) 

i j>l 

and that all the sets in the above union are disjoint by construction. As a result //(T„) = 
X;j>i 2~"(6sy - 6sn_ J < 2-^*, so PA proves that (r„)„ is a ML-test. 

Because a is provably ML-random, PA proves that there exists an m such that a ^ T^, 
so for all j > 1 we know that is well-defined. By construction we have the inequality 
^sf^i ^ Wsf,o,sf + 2~"^(6sji — bs^_^)) which implies that bgv^ — ^s^j < ^'"(asm^^ — Ogv^). 

Defining a'j = a^m and bj = bgji^^, we have for all j > I that b'j_^_-^^ — b'- < 2™(aj_,_^ — a^-), 
where {a'j)j and {b'j)j are primitive recursive sequences of rationals which provably converge 
to a and P respectively. So PA proves P <s Oi. □ 

Corollary 16 If a is c.e. and provably Chaitin-random and P is c.e., then P <s a is 
provable in PA. 

Proof. See Theorems 12 and 15. □ 

Theorem 17 Suppose V is a provably universal machine, a is c.e., and fiy <s' a is 
provable in PA. Then there exists a provably universal machine U such that = a is 
provable in PA. 
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Proof. Since Qy <5 cKj there exist primitive recursive increasing sequences {ai)i and (bi)i 
of rationals, with limits a and respectively, and a constant c > such that for all n 

bn+i-bn<2''{an+i-an). (2) 

Define ttQ = bo = 0. Form the real 

7 = a - 2"^= • Oy = "^{an+i - an) - 2"''(6„+i - 

n 

By equation (2) the terms of the sum are positive, so 7 G (0, 1) is c.e. Applying Lemma 10 
to 7 we get a primitive recursive sequence (mi)i of natural numbers such that 2^"*» = 7. 

Let {vi)i be a 1-1 primitive recursive enumeration of dom(y), and define the sequence of 
requests y2i = Vi,n2i = \vi\ + c, y2i+i = v,n2i+i = mi, where v is an arbitrarily fixed 
element in dom(y). 

By Theorem 9 we get a provably prefix-free machine M and a primitive recursive enu- 
meration {xi)i of dom(M) such that the following three statements are provable: 1) 
/x(dom(M)) = Y.- 2""% 2) \xi\ = rii for all i, 3) M{xi) = yi for all i. 

Consider the machine U = V oM. The machine U is provably universal. Indeed, U{x2i) = 
V{M{x2i)) = V{y2i) = V{vi) and |a;2i| = n2i = \vi\ + c, by construction of M. Finally, it is 
provable that nu = Zpe dom(c/) = 2""^* + 2""^^+! = 2"^ ■ Qy + 7 = a. 

□ 

Using all results above we obtain: 

Theorem 18 A c.e. real a is provably Chaitin-random iff it is provable that a = for 
some provably universal machine U. 

Proof. Suppose a is provably c.e. and Chaitin-random. By Theorem 12, a it is provably 
ML-random. Take a provably universal machine V (Theorem 14). From Theorem 15 we see 

that riy <s' a is provable in PA. By Theorem 17 we effectively get a U which is provably 
universal and prefix-free such that a = ilu is provable in PA. The converse is exactly 
Theorem 13. 

□ 

Corollary 19 Every provably c.e. and Chaitin-random real is provably random. 

Proof. If a is provably Chaitin-random and c.e. then by Theorem 18, a = fljj for some 
provably universal machine U, so a satisfies Solovay's formula (1) with c = 1, 7 = 1/2 • ftu. 

□ 
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8 Every Random C.E. Real Is Provably C.E. Random 



This section proves its title. We start with the following result by Solovay [18]: 

Lemma 20 Let V he a universal machine. If a is c.e. and ML-random, then there exists 
an integer c > and a c.e. real 7 > such that (1) is satisfied. 

Proof. Using the proof of Theorem 15, we deduce that J7y <s a (because a is c.e. and 

ML-random). Consequently, we can consider the primitive recursive increasing sequences 
{ai)i and {hi)i of rationals, with ao = feo = and converging to a and respectively, 
and a constant c > such that for all n, — 6„ < 2'^(a„_(_i — a„). The c.e. real 7 = 
a — 2~"^ • = X]„(an+i — On) — 2~"^(6n+i — ^n) is positive and a = 2"'^ ■ Jly + 7. 

□ 

It is not difficult to see that the converse implication in Lemma 20 is also true. In fact, a 
sharper result can be proved: 

Theorem 21 Let V be provably universal, c>0 be an integer, 7 a positive c.e. real. Then 
a = 2~"^ • fly + 7 is provably Chaitin-random (ML-random). 

Proof. Let (vn) be a primitive recursive enumeration of the domain of V and (6„)„ be 
a primitive recursive increasing sequence with limit 7. The sequence of rationals q;„ = 
^ '^X^iLi 2~l'''l + bn is primitive recursive, increasing and converges to a. 

Take a„ = Y17=i 2~'^'' and observe that for all n, a„+i — a„ < 2^(a„_|_i — q„), hence PA 
proves that J7y <s a- Using Theorem 17 we can find a provably universal machine U such 
that Qjj = a is provable in PA. By Theorem 13, a is provably Chaitin-random and by 
Theorem 12, a is provably ML-random. □ 

We can now state our main result: 

Theorem 22 Every c.e. and random real is provably c.e. and Chaitin-random (ML- 
random), hence provably c.e. and random. 

Proof. Start with a provably universal machine V (Theorem 14). By Lemma 20 there 
exist c and 7 defining the representation (1) for a: a = 2~'^ ■ Qy + 7- Since V is provably 
universal, Theorem 21 shows that that 2"*^ • ^ly -|- 7 is provably Chaitin-random (ML- 
random). Therefore a is provably Chaitin-random (ML-random). Finally use Corollary 19 
to deduce that a is provably random. □ 
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Theorem 18 can now be stated in the form: 



Theorem 23 A real a is provably c.e. and random iff it is provable that a = for some 
provably universal machine U. 

Proof. Use Theorem 22 and Corohary 19. □ 

Corollary 24 For every universal machine U there exists a provably universal machine 
U' such that Q,u = ^jji . 

Proof. Since Qu is c.e. and random, by Theorem 22 we deduce that ^lu is provably 
Chaitin-random, so by Theorem 18 we get a provably universal machine U' such that 

Corollary 25 Every c.e. and random real can be written as the halting probability of a 
provably universal machine. 

Proof. Use Theorems 22 and 23. 

□ 



9 A Negative Result 

Prom the previous two sections we know that every c.e. random real can be written as 
the halting probability of a provably universal machine, so it is provable random. Does 
there exist a universal machine whose halting probability is not provable random? By 
Theorem 13 such a machine should not be provably universal (and such machines exist by 
Theorem 14). 

We answer in the affirmative this question. To this aim we fix an effective enumeration of 
all c.e. reals in (0,1) (7i)j (for example, by enumerating all increasing primitive recursive 
sequences of rationals in (0,1)) and define the set 9^cc = {7 G (0,1) | 7 is c.e.}. A set 
A C IHce is called c.e. if the set {i G N | 7^ G A} is c.e. Note that in A we enumerate all 
indices for all elements in A. 

Lemma 26 [14] If A C is c.e., then for all c.e. reals a e A and 13 > a we have P e A. 

Proof. Let K = {fcj} be a c.e. not computable set of natural numbers enumerated by 
a primitive recursive function i 1-^ ki, and for each n let (a")j be a primitive recursive 
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increasing sequence of rationals in (0,1) such that Hmj_>oo o,^ = In- Let a = hmj_>oo afj P = 
Hmj_,oo ctj ^-^d define the function 



Because j3 > a there exists a natural zq such that af^ < a\^. If j G then there exists 
an m such that j = km, hence = a\, for i > max{iQ,m}, so limj-^oo r(z,_7) = /3. If 

J ^ then for all i, = a|, so \imi^ooT{i,j) = a. 

Because of the uniform definition of r(z,_7) we can construct a computable function / such 
that limj_oor(i,j) = jf^jy 

Finally, let's assume by absurdity that P ^ A. The set {j G N | 7/(j) G A} is c.e. because 
A is c.e., but in view of the definition of F, {j G N | "Jf^j) G ^} = {j G N | 7/(j) = a} = 
{j G N I j ^ K}, a non c.e. set. □ 

Let {Ui)i be a c.e. enumeration of all universal machines. Consider now the sets O^hait = 

{^Ui} and O^ccrand = {7 ^ ^ce | 7 is provably random}. By enumerating proofs in PA we 
deduce that ^^(^J^and i^ ^a^rand ~ i^f(i)}^ some primitive recursive function /. 

We have: {7/(i)} C {^Ui} C {ji}- Is ^Hhait c.e.? The answer is negative: 
Theorem 27 There exists a universal machine Uf such that ^lu^ / 7/(i)) f^i" oil i- 

Proof. Take a universal machine U such that > 1/2 and construct the c.e. real /3 = 

Qu{n + 1)11 • • • , where Qij{n + 1) = l^O. As /? > Qu and (3 is not random, /3 O^/., for 
all i, so by Lemma 26, {^2;/.} is not c.e., hence the theorem is proved. □ 

Comment There is no contradiction between Corollary 24 and Theorem 27: there exist 
a universal machine Ut and a provably universal machine Uj such that 0,u^ = Qjjj and 
^ 7f(i)' ^' P"'^ cannot prove the randomness of based on Ut, but can prove 

the randomness of = ^Uj based on Uj. 

10 Formal Proof of the Kraft-Chaitin Theorem 

In the above we gave proofs that various statements, once suitably formalised in the lan- 
guage of first order logic, were derivable from the axioms of PA. In principle, but for lack 
of space and patience, we could have presented complete PA derivations of each statement 
proved. Instead, as is common practice for all but the simplest of results, we sketched 
constructions which leave the actual derivations implicit. 




max{ a| , a* } , otherwise . 



if j / km, for all m < i, 
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Recent advances in theorem proving computer programs, such as the proof assistant Isabelle 
[17], have allowed complete formal derivations of nontrivial mathematical results. In such 
systems, humans write a sequence of proof commands, and the computer system searches 
for a complete derivation, if one exists. Essentially, the human user gives a sequence of 
intermediate lemma with proof directions, and the computer interpolates the full derivation. 
(For a recent perspective on the importance of formalising mathematics see [10].) 

Using Isabelle, we formalised and proved the Kraft-Chaitin Theorem (Theorem 9), a key 
result in our above proof. To keep our presentation self-contained, we begin by showing 
how to formalise and prove a simple result about strings; for a full introduction to the 
Isabelle system see [17]. We follow with a formalisation of the Kraft-Chaitin Theorem, 
then sketch its formal proof. The full proof script is available online [13]. 

10.1 Formalising Results in Isabelle 

To illustrate Isabelle and its use, we will formalise and prove the following simple property 
of strings: 

Lemma 28 Given strings x,y,z E T,*, if x extends y then xz extends y. 

Strings are naturally represented by the Isabelle list data-type. Here [] represents the 
empty list, and y#ys represents the list formed by concatenating the element y with the list 
ys. For example, the string 001 is represented by # # 1 # [] (or [0,0,1] for short). 
The following code inductively defines whether the list A extends B, denoted extends A B: 

fun extends :: '"A list => 'A list => bool" 
where 

"extends [] [] = True" 
I "extends [] (y#ys) = False" 
I "extends x [] = True" 

I "extends (x#xs) (y#ys) = ((x=y) & (extends xs ys))" 

When faced with the above definition, Isabelle automatically proves termination (in this 
case, by observing that the first argument always decreases in length with each recursive 
call). 

Let us first prove that any list extends the empty list. We enter into Isabelle: 
lemma extendsl: "extends A [] " 

It responds with the propositions we need to prove: 
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goal (1 subgoal) : 
1. extends A [] 

It is natural to prove this by induction on A, by entering the command apply (induct A). 
This results in two proof obligations, one for the base case and the other for the inductive 
step: 

goal (2 subgoals) : 

1 . extends [] [] 

2. !!a A. extends A [] ==> extends (a # A) [] 

The first proposition is one of the cases in our definition of extend. In the second ! ! 
denotes universal quantification and this similarly follows from one of our definition cases. 
Wc tell Isabelle to simplify these expressions with the command apply (simp_all) . Isabelle 
manages to simplify all these expressions down to True, using rewrite rules for simplifying 
conjunctions, variable identity, and expanding the definition of extends. As a result we 
get: 

goal: 

No subgoals ! 

Having completed the proof, we compactly store it in the following format: 

lemma extendsl: "extends A [] " 

applyCinduct A) apply(simp_all) 
done 

We can now attempt our original goal: 

lemma extends2: "extends (A@B) A" 

goal (1 subgoal) : 
1. extends (A B) A 

The concatenation of lists A and B is denoted A B. We again induct with the command 
applyCinduct A), then simplify with the command apply (simp_all) 

goal (2 subgoals) : 
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1. extends ( [] OB) [] 

2. ! !a A. extends (A B) A ==> extends ((a # A) OB) (a # A) 

goal (1 subgoal) : 
1. extends B [] 

Since we proved this before, we use the command apply (simp only: extendsl) to reuse 
our previous result, completing the proof. In sum: 

lemma extends2: "extends (AOB) A" 

apply (induct A) apply (simp_all) apply (simp only: extendsl) 
done 

10.2 Formalising the Kraft-Chaitin Theorem 

The proof of the Kraft-Chaitin Theorem is algorithmic: it describes a particular algorithm 

(Algorithm 1 of Theorem 9) for selecting strings of the required lengths, and proves that 
the algorithm is correct. In what follows we will implement this algorithm in Isabelle and 
will prove its correctness. 

The following Isabelle code implements Algorithm 1. We give the definition of each func- 
tion, then explain what it does. 

fun extend : : "nat list => nat => nat list list" 
where 

"extend 1 = [1] " 
I "extend 1 (Sue n) = (hd (extend 1 n) [0] ) # (hd (extend 1 n) [1]) 

# tl (extend 1 n) " 

For 1 a binary list representing a binary string, and n a natural number, extend 1 n 
computes the list 

[zo"-i'i,zo"-i'i-4,...,zoi,zi]. 

For example, in Isabelle the expression extend [0,0,1] 5 evaluates to 

[[0,0,1,0,0], [0,0,1,0,1], [0,0,1,1]] 
This corresponds to the set {00100,00101,0011} of binary strings. 

The set of unallocated prefixes Si and the set of allocated strings Tj arc represented by 
lists of strings. The free prefixes are ordered by decreasing length, the allocated strings by 
the order of allocation. 
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Consider one iteration of the main loop. Let A be the hst of previously allocated strings, 
F the list of free prefixes, and n the length of the string we want to allocate at this step. 
(These are denoted Tj, Si, and rij in the original algorithm.) kcstep A F n returns the 
updated pair of allocated strings and free prefixes (Sj+i and Tj+i). 



consts kcstep : : "nat list list => nat list list => nat 

=> (nat list list * nat list list)" 

primrec 

"kcstep A □ n = (A, [] ) " (* fail case *) 

"kcstep A (f # F) n = (if length f <= n 

then ((hd (extend f (n - length f))) # A, 
(tl (extend f (n - length f))) OF) 

else (fst (kcstep A F n) , f # snd (kcstep A F n)))" 



kcstep searches through the list F of free prefixes for the longest string of length at most 
n. One it finds it, it calls extend, which returns a list of extended prefixes. It takes the 
first string in the list, guaranteed to have exactly length n, and adds it to the allocated 
strings list. The rest of the strings are placed on the free prefixes list. 

For example, kcstep [] [[]] 2 evaluates to 



([[0,0]], [[0,1], [1]]) 



which corresponds to the list 00 of allocated strings and the set {1,01} of free prefixes. 



consts kcloop : : "nat list => (nat list list * nat list list) 

=> (nat list list * nat list list)" 

primrec 

"kcloop [] X = X" 

"kcloop (l#ls) X = (kcstep (fst (kcloop Is X)) (snd (kcloop Is X)) 1)" 



For a list of lengths 1 and a pair (A,F) of allocated strings and free prefixes, kcloop 1 
(A,F) runs kcstep to allocate strings for every length in 1. For example, kcloop [3,4,2] 

( [] , [ [] ] ) allocates a string of length 2, then one of length 4, then one of length 3, 
starting from the initial state where no strings are yet allocated ( [] ) and the empty string 
is our free prefix ([[]]). 

For example, kcloop [3,2] ( [] , [ [] ] ) evaluates to 



([[0,1,0], [0,0]], [[0,1,1], [1]]) 
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which corresponds to the Ust 00,010 of allocated strings (note that we reverse the list), 
and the set {1,011} of free prefixes. 

fun kc : : "nat list => nat list list" 
where 

"kc Is = (fst (kcloop Is ([],[[]])))" 

For a list of lengths 1, kc 1 returns the list of strings allocated by running kcloop on the 
list starting from the initial state where no strings have been allocated. For example, kc 
[4,3,2] evaluates to 

[[0,1,1,0], [0,1,0], [0,0]] 

which corresponds to the sequence 00,010,0110 of allocated strings. 
This implements Kraft-Chaitin's algorithm, for we will prove that: 

1. If our list of lengths obeys Kraft's inequality, X^j2^"* < 1, then kc Is is a list of 
strings, and the ith element of kc Is has length equal to the zth element of Is. 

2. kc Is is always a prefix-free list (no two distinct elements of the list are prefixes of 
each other). 

3. If we add new lengths to the start of Is, then this adds new strings to the end of kc 
Is without changing the old ones. That is, once a string of a given length is allocated 
it is not changed. 

To prove the above we need to define what a prefix-free list is, a function to evaluate Kraft's 
inequality, a function which checks whether the lengths of one list match the lengths in 
another, and a tool to check whether one list extends another. 

fun prefixes : : "nat list => nat list => bool" 
where 

"prefixes [] x = True" 
I "prefixes x [] = True" 

I "prefixes (x#xs) (y#ys) = ((x=y) & (prefixes xs ys))" 

consts incomparable : : "nat list => nat list list => bool" 
primrec 

"incomparable x [] = True" 

"incomparable x (y # ys) = ("(prefixes x y) & (incomparable x ys))" 



21 



consts pref ixfree : : "nat list list => bool" 
primrec 

"pref ixfree [] = True" 

"pref ixfree (x # xs) = ((incomparable x xs) & (pref ixfree xs))" 

If X is a prefix of y, or vice versa, then prefixes x y. For example prefixes [0,0,1] 
[0 , 0] is true, incomparable x A liolds if x is not a prefix of any string in A, for instance 
incomparable [0,0] [[1,0], [1 , 1 , 1] ] holds, pref ixfree L holds if the list L is prefix- 
free, for instance pref ixfree [[0,0], [1,0], [1,1,1]] holds. 

consts expn2 : : "nat => rat" 
primrec 

"expn2 0=1" 

"expn2 (Sue n) = (1/2) * expn2 n" 

consts meas_nat : : "nat list => rat" 
primrec 

"meas_nat [] =0" 

"meas_nat (f #F) = (expn2 f + meas_nat F) " 

We define expn2 n equal to 2~". meas_nat F computes the "measure" of a sequence of 
natural numbers F, for example meas_nat [4,3,2] equals 7/16. 

fun lengthsmatch : : "nat list list => nat list => bool" 
where 

"lengthsmatch [] [] = True" 
I "lengthsmatch [] (l#ls) = False" 
I "lengthsmatch (x#xs) [] = False" 

I "lengthsmatch (x#xs) (l#ls) = ((length x = 1) & (lengthsmatch xs Is))" 

The expression lengthsmatch X Y holds if the lengths of each string in X matches the cor- 
responding number in Y. For example, we have lengthsmatch [[0,0], [1,0], [1,1,1]] 
[2,2,3] is True. 

fun extends :: "'A list => 'A list => bool" 
where 

"extends [] [] = True" 
I "extends [] (y#ys) = False" 
I "extends x [] = True" 

I "extends (x#xs) (y#ys) = ((x=y) & (extends xs ys))" 
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Finally, extends A B holds if the list A extends the list B, so extends [0 , 1] [0] holds. 
With the above definitions we can state the three results which establish correctness: 

theorem kc_correctl: "meas_nat Is <= 1 ==> lengthsmatch (kc Is) Is" 

theorem kc_correct2: "prefixfree (kc Is)" 

theorem kc_extend: "extends (rev (kc (L2 LI))) (rev (kc LI))" 

The first says that if Is is a list of natural numbers which satisfies Kraft's inequality 
^^2~"' < 1, then the strings kc Is allocated by running Algorithm 1 on this list have 
exactly the lengths Is we asked for. 

The second says the strings allocated are prefix-free. 

The last says that when Algorithm 1 allocates additional strings it does not change strings 
it has previously allocated. To sec this, note that when we run kc L the algorithm allocates 
strings starting from the end of the list L. This means, the first element of kc L is the last 
string allocated, kc (L2 @ LI) is the list of strings allocated if we allocate strings with 
lengths in LI then strings with lengths in L2. 

Together, establishing these would show that the kc algorithm constructively establishes 
the Kraft-Chaitin Theorem. 

10.3 Proof Outline 

All the above merely formalised the algorithm and stated the theorem we wish Isabelle 
to prove. This gets the order mixed slightly, since formalising this theorem unearthed a 
mistake in the algorithm, so the process was mutual. In some sense this formalisation of 
the theorem is the major creative work, the rest is just technical detail. As one might 
guess, however, most of the work is in these details. To prove the above theorems we must 
guide Isabelle to them by establishing numerous intermediate lemmas, and telling Isabelle 
which proof techniques to use to establish each. Often we just advise Isabelle to induct on 
a variable then simplify, but sometimes we must give more detailed guidance. 

The Isabelle proof follows the proof given for Theorem 9: we establish that the inner loop 
preserves some invariants, and use these invariants to establish correctness. 

Recall the algorithm has two variables: the list of allocated strings and the list of free 
strings. Each pass through the loop will (potentially) add one new allocated string, and 
modify the free strings. We then show that these two lists combined remain prefix-free, 
their joint measure never decreases, and that there are never two free strings of the same 
length. 
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For reasons of space wc give only the definitions required to state the above intermediate 
results and show how they are formalised in Isabelle. The proof in its entirety is available 
online [13]. 

fun strictlysorted : : "nat list list => bool" 
where 

"strictlysorted [] = True" 
I "strictlysorted [x] = True" 

I "strictlysorted (xl # x2 # xs) = ((length xl > length x2) 

& (strictlysorted (x2 # xs)))" 

strictlysorted L holds if the strings in L are ordered by (strictly) decreasing length. In 
particular, this means there can be no two strings of the same length in L. 

fvm invl : : "nat list list * nat list list => bool" 
where 

"invl X = strictlysorted (snd X)" 

fvm inv2 : : "nat list list * nat list list => bool" 
where 

"inv2 X = prefixfree ((fst X) (snd X))" 

The first invariant is that the list of free strings is strictly sorted. This is needed to show 
both that there is at most one string of any given length and to show that the algorithm 
will always select the longest string it is able to. 

fvm inv : : "nat list list * nat list list => bool" 
where 

"inv X = ((invl X) & (inv2 X))" 
theorem kcstep_inv: "inv (A,F) ==> inv (kcstep A F n) " 

This says simply that if the invariants held of the variables before running through the 
loop once, then they hold afterwards. 

consts meas : : "nat list list => rat" (* The measure of a prefix free set *) 
primrec 

"meas [] =0" 

"meas (x # xs) = expn2 (length x) + meas xs" 
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This defines the measure of a hst of strings: the usual ^^^x ^ 

lemma kcstep_meas: "meas ((fst (kcstep A F n)) @ (snd (kcstep A F n))) 

= meas (AOF) " 

This says that measure is preserved at each step of the loop. This measure will be 1 for all 
the intermediate states of the kc algorithm, but we need this more general result for the 
inductive proofs to work. 

A number of further intermediate results are required both to establish the above invariants 

and to apply them to the main theorems. Below are three of the most important, which 
one may recall from the proof of Theorem 9 (in total, there are 102 theorems and lemmas 
proved) . 

theorem meas_alloc: "[| expn2 n <= meas F; strictlysorted F |] 

==> length (last F) <= n" 

lemma kcstep_correctl : "[|inv (A,F); expn2 n <= meas F|] 
==> (tl (fst (kcstep A F n)) = A) 

& (length (hd (fst (kcstep A F n))) = n) " 

lemma kcstep_correct2 : "[|inv (A,F); expn2 n <= meas F|] 

==> meas (fst (kcstep A F n)) = meas A + expn2 n" 

Theorem meas_alloc formalises the result that if 2~" is smaller than the measure of a set 
F, and that set has no two strings of the same length, then there is a string of length at most 
n in F. Lemma kcstep_correctl says that if the invariants are satisfied by the current 
variables A and F, and the measure of F is at least 2~", then kcstep succeeds. This means 
that we allocate one new string of length exactly n, leaving the old strings untouched. 
Lemma kcstep_correct2 expresses an implied result: if the algorithm succeeds, then the 
measure of the list of allocated strings increases by exactly 2~" (Isabelle will often not 
notice conclusions that seem obvious to the prover; they must be spelt out). 

11 Final Remarks 

If PA receives an algorithm for a machine V, a proof that V is universal and prefix-free, 
an integer c > 0, and a computable increasing sequence of rationals converging to a real 
7 > 0, then PA can prove that a = ■ fiy + 7 is c.e. and random. Similarly, if PA 
receives an algorithm for a machine U, a proof that U is universal and prefix-free, then it 
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can prove that is c.e. and random. This implies that every c.e. random real is provably 
c.e. and random — as stated in Solovay's email [18]. 

We have offered two representations for c.e. and random reals from which PA can prove 
that the real is c.e. and random. In the first we fix a provably universal prefix-free machine 
V and we vary the integer c > and the c.e. real 7 > to get via the formula 2""^ • Q,v + 7 
all c.e. and random reals. In the second we vary all provably universal prefix-free machines 
U to get via flu all c.e. and random reals. 

A key result was to show that the theorem that "a real is c.e. and random iff it is the 
halting probability of a universal machine" [6, 16, 4] can be proved in PA. Our proof, 
which is simpler than the standard one, can be used also for the original theorem. 

We proved two negative results showing the importance of the representation for provability 
of randomness: a) there exists a universal machine whose universality cannot be proved 
in PA, b) there exists a universal machine U such that, based on U, PA cannot prove the 
randomness of flu. 

Chaitin [9] explicitly computed a constant c such that if N is larger than the size in bits 
of the program for enumerating the theorems of PA plus c, then PA cannot prove that a 
specific string x has complexity greater than N, Hu{x) > N. Consequently, PA cannot 
prove randomness of almost all random (finite) strings. Our positive result shows an 
interesting difference between the finite and the infinite cases of (algorithmic) randomness. 

Does our positive result contradict Chaitin and Solovay's negative results discussed in the 
Introduction? The answer is negative because the digits of the binary expansion of a 
random c.e. real are not computable. 

Our positive result would not be satisfactory without demonstrating our proofs with an 
automatic theorem prover. We have chosen Isabelle [17] to obtain an automatic proof of 
our version of the Kraft-Chaitin Theorem, one of the key results of this paper. The paper 
contains a description of the formalisation (for Isabelle) of the Kraft-Chaitin Theorem and 
the description of the main steps of the automatic proof; the full proof is available online 
[13]. 

Finally we speculate about the role of the automatic prover. How can an automatic the- 
orem prover help understanding/proving a mathematical statement?^ There are at least 
three possibilities, a) Use the prover to verify the theorem by discovering a proof, call it 
"Solovay mode" (because this corresponds to the result reported in this paper: Bob Solo- 
vay communicated to one of us the statement to be proved and we found a proof). It is 
worth observing that the Kraft-Chaitin Theorem has two "roles" : one, as an algorithm, to 
be executed, the other, as a mathematical statement, to be proved. Previous formalisation 

^The reader may note that we don't question the fact that am automatic theorem prover helps under- 
standing mathematics, [5]. 
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efforts focused only on the first part^; our present work was directed towards tfie second. 
One could imagine that mathematical journals might use such systems in the process of 
rcfcreeing [5, 12]. b) The second possibility is to use the provcr to verify a human-made 
proof — a full Isabelle proof for all results in this paper is under construction, c) The third 
possibility is to use the prover as some kind of "assistant" in an interactive process of 
discovery/proving. During the work to automate the proof of the Kraft-Chaitin Theorem 
a mistake in our human-made argument was unearthed and corrected. We also used the 
experience with Isabelle to test the adequacy of the representation of a c.e. random real in 
meeting the goal: to obtain the PA proof of randomness. 
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